> Madjid>>I guess the number of people who are not sure about the definition
> of AAA layer is more than one.
> Joking aside, what is your reason for not making EMSK available to the
> lower layer, while doing so for MSK is ok? What is the fundamental
> difference?
> >
[Joe] If you pass the EMSK to the lower layer it becomes effectively the
same as the MSK. If you want to use the EMSK to key an independent
application that uses a different authenticator, the security of that
application becomes completely dependent upon the lower layer and its
authenticator.
> > In both cases we require deletion of EMSK after generation of AMSK,
> > why?
> >
> [Joe] To minimize the chance of exposure of the EMSK. Why do you need
> to cache it? Could you generate and cache an AMSK instead?
>
> Madjid>>because a priori I cannot know how many AMSKs I may need later.
> An application may pop up later that needs keying or I move to a
> different domain that may require a new AMSK, but I cannot anticipate
> the move ahead of time...
>
[Joe] A different application I may understand, although it seems the
system typically knows the applications that are in use. If you don't,
I'm not sure how you can authorize the distribution of keys. For the
handoff case consider deriving a Handoff AMSK from the EMSK. This
handoff AMSK becomes the root of all keys used for handoff. When you
move you derive a key from the handoff AMSK.
>
> > Thanks,
> >
> > Madjid
> >
> > -----Original Message-----
> > From: Salowey, Joe [mailto:jsalowey cisco.com]
> > Sent: Wednesday, March 01, 2006 5:17 PM
> > To: Nakhjiri Madjid-MNAKHJI1; Rafa Marin Lopez; Bernard Aboba
> > Cc: eap frascone.com
> > Subject: RE: [eap] Strawman -10
> >
> >
> >
> > > -----Original Message-----
> > > From: Nakhjiri Madjid-MNAKHJI1 [mailto:Madjid.Nakhjiri motorola.com]
> > > Sent: Wednesday, March 01, 2006 2:38 PM
> > > To: Rafa Marin Lopez; Bernard Aboba
> > > Cc: eap frascone.com
> > > Subject: RE: [eap] Strawman -10
> > >
> > > Madjid>>Again, why is deletion of EMSK after generation of one AMSK
> > > a requirement? What if we need to create multiple AMSKs, and that on
> > > multiple occasions?
> > >
> > >
> > >
> > > Well, actually, lower layer authenticator implementation should expect
> > > (MSK,EMSK) in the case EAP method is executed by the standalone
> > > authenticator or (MSK,AMSK) in the case EAP method is executed by
> > > backend authentication server. If it receives (MSK,EMSK) should create
> > > AMSK and delete EMSK. If it receives (MSK,AMSK), that's all, correct?
> >
> > [Joe] Not really, strictly speaking the lower layer shouldn't expect
> > to receive the EMSK as that would break mode independence. An
> > architectural description should not have the lower layer receiving
> > the keys. From a supplicant perspective it must appear the same
> > whether an external EAP-Server or a collocated EAP server is used.
> > Now I don't know what is going on inside your box, it could all be
> > monolithic when an internal EAP server is used, but that shouldn't be
> > visible to the external world. If I was interested in cryptographic
> > module separation I might not be too happy if you shared the EMSK with
> > the lower layer.
> >
> > >
> > > _________________________________________________________________
> > > To unsubscribe or modify your subscription options, please visit:
> > > http://lists.frascone.com/mailman/listinfo/eap
> > >
> > > Archives: http://lists.frascone.com/pipermail/eap
> > >
> >
>
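The key hierarchy Joe describes above (MSK exported to the lower layer, EMSK retained and never handed down, application AMSKs and a Handoff AMSK derived from it, EMSK deleted once those exist) as an added Python example; this is not code from the thread or from the strawman draft. The HMAC-SHA256 labelled derivation and the names `EapKeyHolder`, `derive_amsk`, `derive_handoff_amsk`, `delete_emsk` and `handoff_key` are assumptions for illustration, not the draft's KDF.

```python
import hashlib
import hmac


def kdf(parent: bytes, label: bytes, context: bytes = b"") -> bytes:
    """One-step labelled derivation: HMAC-SHA256(parent, label || 0x00 || context).

    Illustrative construction (an assumption), not the strawman draft's KDF.
    Distinct labels or contexts yield independent children of one parent key."""
    return hmac.new(parent, label + b"\x00" + context, hashlib.sha256).digest()


class EapKeyHolder:
    """Models whoever keeps the EMSK (the EAP server, or its AAA layer).

    Only the MSK is exported to the lower layer; the EMSK never leaves this
    object, and applications receive AMSKs derived from it instead."""

    def __init__(self, msk: bytes, emsk: bytes) -> None:
        self._msk = msk
        self._emsk = emsk

    def export_msk(self) -> bytes:
        return self._msk  # the only key the lower-layer authenticator receives

    def _root(self) -> bytes:
        if self._emsk is None:
            raise RuntimeError("EMSK already deleted; no further AMSKs possible")
        return self._emsk

    def derive_amsk(self, application: str) -> bytes:
        return kdf(self._root(), b"AMSK", application.encode())

    def derive_handoff_amsk(self) -> bytes:
        # Root of all handoff keys: derive it once, and later moves no longer
        # need the EMSK at all.
        return kdf(self._root(), b"Handoff AMSK")

    def delete_emsk(self) -> None:
        self._emsk = None  # limits EMSK exposure once the needed AMSKs exist


def handoff_key(handoff_amsk: bytes, target_authenticator: str) -> bytes:
    """Per-target key for a move to a new authenticator, from the Handoff AMSK alone."""
    return kdf(handoff_amsk, b"handoff", target_authenticator.encode())
```

Deleting the EMSK after deriving the Handoff AMSK keeps Madjid's later-handoff case working, while an application that appears afterwards does need an AMSK to have been derived before deletion.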